MetaKeep supports setting up an app policy to restrict the management and usage of certain app features. This allows you to set up a quorum of members who need to approve certain actions. The quorum members can be external keys, and they must also sign the request to approve the action.
Here are a few examples of how the policy can be used:
- You can create a new API key for an app and require an external hardware wallet to add a new API key or delete an existing API key.
- You can require a quorum of members to approve the app update or policy update.
- You can freeze the app and require a quorum of members to unfreeze the app.
Note that you can accidentally lock yourself out of the app if you set up the policy incorrectly. Please get in touch with us before setting up the policy to ensure that the policy is set up correctly. Make sure any external quorum members are recoverable in case they are lost.
Policy quorum
There are 2 types of quorum members supported:
- ACCOUNT_ADMIN: The account admin is the owner of the MetaKeep console account or any other account (shared account) that has admin access to your account.
- SOL_ADDRESS: An external Solana address that needs to approve the action. The public key of the Solana address needs to be provided.
The quorum has the following restrictions:
- ACCOUNT_ADMIN is always part of the quorum.
- The max quorum size currently supported is 2.
- The quorum is n-of-n. This means that all quorum members need to approve the action.
Policy types
The app policy currently has the apiKeysOwnership policy type. This policy type restricts the management and usage of the API keys and other related features.
If set, the following fields require the quorum in apiKeysOwnership.quorum to be satisfied:
- policy.apiKeysOwnership: Any changes to the apiKeysOwnership policy.
- apiKeys.*: Any changes (add/delete/update) to the API keys.
- apiSignatureRequired: Any changes to the apiSignatureRequired field.
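
A pre-flight check of a quorum definition against the restrictions under "Policy quorum", together with a lookup of which changed fields fall under the apiKeysOwnership policy and an n-of-n approval test. This is an added example, not MetaKeep code: the member layout (`type`, `publicKey`), the dotted field paths, and all function names are assumptions made for illustration.

```python
B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
MAX_QUORUM_SIZE = 2  # documented current maximum
# Documented protected fields, as path prefixes ("apiKeys.*" becomes "apiKeys").
PROTECTED = ("policy.apiKeysOwnership", "apiKeys", "apiSignatureRequired")

def b58decode(text):
    """Decode base58 (the encoding of Solana addresses) to bytes."""
    n = 0
    for ch in text:
        n = n * 58 + B58.index(ch)  # ValueError on a non-base58 character
    zeros = len(text) - len(text.lstrip("1"))  # each leading '1' is a zero byte
    return b"\x00" * zeros + n.to_bytes((n.bit_length() + 7) // 8, "big")

def member_id(member):
    """Hypothetical identifier: the public key for SOL_ADDRESS, else the type."""
    return member.get("publicKey") or member.get("type")

def check_quorum(members):
    """Return the list of documented restrictions that `members` violates."""
    problems = []
    if not any(m.get("type") == "ACCOUNT_ADMIN" for m in members):
        problems.append("ACCOUNT_ADMIN is always part of the quorum")
    if len(members) > MAX_QUORUM_SIZE:
        problems.append("quorum larger than 2 members")
    for m in members:
        if m.get("type") == "SOL_ADDRESS":
            try:  # a Solana public key is 32 bytes
                valid = len(b58decode(m.get("publicKey", ""))) == 32
            except ValueError:
                valid = False
            if not valid:
                problems.append("SOL_ADDRESS needs a 32-byte base58 public key")
        elif m.get("type") != "ACCOUNT_ADMIN":
            problems.append(f"unsupported member type: {m.get('type')}")
    return problems

def needs_quorum(changed_fields):
    """Changed field paths that the apiKeysOwnership policy protects."""
    return [f for f in changed_fields
            if any(f == p or f.startswith(p + ".") for p in PROTECTED)]

def is_approved(members, approvers):
    """n-of-n: every quorum member must be among the approvers."""
    return all(member_id(m) in approvers for m in members)

# Constructed sample: 32 '1' characters decode to 32 zero bytes.
SAMPLE = [{"type": "ACCOUNT_ADMIN"},
          {"type": "SOL_ADDRESS", "publicKey": "1" * 32}]
```

Running `check_quorum` on a proposed quorum before submitting it catches a mistyped public key, which would otherwise leave an n-of-n quorum with a member that can never approve.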